hashicorp / terraform-provider-awscc

Terraform AWS Cloud Control provider
https://registry.terraform.io/providers/hashicorp/awscc/latest/docs
Mozilla Public License 2.0

Applying 'awscc_connect_approved_origin' causes crash in the awscc plugin #1058

Open StianHanssen opened 1 year ago

StianHanssen commented 1 year ago

Terraform CLI and Terraform AWS Cloud Control Provider Version

Terraform v1.5.3 on linux_amd64

Also tested on: Terraform v1.4.6 on linux_amd64

Affected Resource(s)

Terraform Configuration Files

This was a small module, but I moved the provider into it to give a minimal example. I have changed things like names, as this is an internal project at my company, but all configurations are the same.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
    awscc = {
      source  = "hashicorp/awscc"
      version = "~> 0.55"
    }
  }

  required_version = ">= 1.2.0"
}

provider "aws" {
  region = "ap-northeast-1"
}

provider "awscc" {
  region = "ap-northeast-1"
}

resource "aws_connect_instance" "main" {
  identity_management_type  = "SAML"
  inbound_calls_enabled     = true
  instance_alias            = "MyCallCenter"
  outbound_calls_enabled    = true
  contact_lens_enabled      = true
  contact_flow_logs_enabled = true
  lifecycle {
    prevent_destroy = true
  }
}

resource "awscc_connect_approved_origin" "main" {
  instance_id = aws_connect_instance.main.arn
  origin      = "https://localhost:3000"
}

Debug Output

Sorry, I can't really provide the whole log as it is from an internal project. https://gist.github.com/StianHanssen/0c7217654f81945fb61fd8f71bb411cf

Panic Output

https://gist.github.com/StianHanssen/0c7217654f81945fb61fd8f71bb411cf

Expected Behavior

That it is able to create awscc_connect_approved_origin.

Actual Behavior

Crashes during terraform apply.

Steps to Reproduce

Just run terraform apply.

Important Factoids

After investigating for a while, I found that running the apply with an admin role did not crash like the log above. Instead, I got a much more sensible message:

Waiting for Cloud Control API service CreateResource operation
│ completion returned: waiter state transitioned to FAILED.
│ StatusMessage: This Approved Origin already exists. ErrorCode:
│ AlreadyExists

It is likely the crash is due to the plugin not handling the lack of permissions appropriately.

References

StianHanssen commented 1 year ago

We were initially quite confused as we had AmazonConnect_FullAccess attached to the role. We found that we lacked: